CertPrepNow: ISACA AAIA
Updated 2026-06-13

AAIA Study Guide

Everything you need to pass the ISACA Advanced in AI Audit exam. Structured study plans, key services, common traps, and practice questions.

You Can Pass This Exam For Free

The AAIA exam is passable with free resources if you combine your existing audit expertise with focused AI study over 6-8 weeks:

  • ISACA AAIA Exam Content Outline (free download from ISACA website)
  • NIST AI Risk Management Framework (AI RMF 1.0) documentation (free)
  • ISO/IEC 42001 overview and summary resources (free summaries available)
  • EU AI Act official text and risk classification guides (free)
  • OWASP Top 10 for LLM Applications and ML Security (free)
  • MITRE ATLAS adversarial threat landscape for AI systems (free)
  • 500+ free practice questions on this site

Because AAIA requires an active CISA, CIA, or CPA, candidates already have strong audit fundamentals. The main study gap is AI-specific operations and technical concepts, which free framework documentation covers well.

Choose Your Study Path

You hold CISA/CIA/CPA and have strong audit fundamentals, but limited exposure to AI/ML concepts. You need to build AI technical knowledge before learning how to audit it.

Week 1: Learn AI fundamentals: types of AI (machine learning, deep learning, NLP, LLMs, generative AI), model training approaches (supervised, unsupervised, reinforcement learning), and neural network basics.
Week 2: Study the AI/ML lifecycle end-to-end: data collection, feature engineering, model development, training/validation splits, deployment, monitoring, and decommissioning. Map each stage to audit control points.
Week 3: Deep dive into AI governance frameworks: NIST AI RMF 1.0, ISO/IEC 42001, EU AI Act risk classifications, and how they map to traditional audit frameworks you already know.
Week 4: Study Domain 2 Part 1 (46% of exam): data management for AI, MLOps pipelines, feature engineering, train/test splits, cross-validation, and model performance metrics.
Week 5: Study Domain 2 Part 2: model drift detection, bias monitoring, hallucination rates, prompt injection defenses, data poisoning, vendor/API dependencies, and SLA requirements.
Week 6: Study Domain 2 Part 3: change management for AI model updates, rollback procedures, incident response specific to AI failures, and supervision of AI outputs and decisions.
Week 7: Cover Domain 3 (21%): AI audit planning, scoping AI systems, control testing methodologies, evidence collection standards, data analytics in audits, and AI audit reporting.
Week 8: Practice questions across all domains. Focus on scenario-based questions and review explanations carefully. Target 70%+ on mock exams.
Week 9: Take full-length mock exams under timed conditions (1.6 minutes per question). Review weak areas and re-study any domains below 65%.
Week 10: Final review: focus on Domain 2 operations concepts, framework comparisons (NIST vs ISO vs EU AI Act), and commonly confused audit terminology.

Exam Overview

Format

90 scenario-based multiple-choice questions, 150 minutes (2.5 hours). Computer-based testing at PSI testing centers or remote proctoring.

Scoring

Scaled score 200-800. Passing: 450. No penalty for wrong answers — always answer every question even if unsure.

Domains & Weights

  • AI Governance and Risk: 33%
  • AI Operations: 46%
  • AI Auditing Tools and Techniques: 21%

Registration

Available at PSI testing centers or via remote proctoring (remote not available in India, Mainland China, or Hong Kong). Exam fee is $599 USD (non-member) or $459 USD (ISACA member). Candidates have a 6-month eligibility window after registration. Qualifying prerequisites: CISA (all holders), or CIA, US CPA, Canadian CPA, Australian CPA/FCPA, Japanese CPA, ACCA, FCCA, ICAEW ACA/FCA, CA ANZ, or Hong Kong CPA/FCPA (with IT audit or advisory role focus).

Topic Priority Table

Not all topics are tested equally. Focus your study time on Tier 1 first, then Tier 2. Tier 3 topics rarely appear — just recognize what they do.

Tier 1 (Must Know): You must understand these concepts deeply, know definitions, and be able to apply them in audit scenarios. These appear across multiple questions and domains.
Tier 2 (Should Know): Understand what these are and their key characteristics for audit purposes. May appear in 2-5 questions each.
Tier 3 (Recognize Only): Know what these are at a high level. Rarely more than 1-2 questions each.

Domain 1 (33% of exam)

AI Governance and Risk

This domain tests your ability to advise stakeholders on AI governance structures, ethical AI policies, risk assessment methodologies, data governance programs, and regulatory compliance. You must understand how AI governance maps to organizational strategy and how to evaluate whether governance controls are adequate and operating effectively.

Key Topics

NIST AI RMF 1.0, ISO/IEC 42001, EU AI Act, AI Ethics Frameworks, Data Governance, AI Risk Assessment, RACI for AI Roles

Must-Know Concepts

  • AI governance structures: AI centers of excellence, AI ethics boards, RACI definitions for model owners, data scientists, risk management, and audit functions
  • AI risk assessment methodologies: identify AI-specific risks (bias, drift, hallucination, adversarial attacks, data quality), assess likelihood and impact, and map to controls
  • Ethical and responsible AI principles: fairness, accountability, transparency, explainability, privacy, safety, and inclusiveness — know how to audit compliance with each
  • Data governance specific to AI: data lineage, data provenance, data quality metrics, data retention policies, consent management, and de-identification techniques
  • Privacy considerations: data minimization, purpose limitation, consent management, cross-border data transfer restrictions, and privacy impact assessments for AI systems
  • Regulatory frameworks: NIST AI RMF four functions (Govern, Map, Measure, Manage), ISO/IEC 42001 certification requirements, EU AI Act risk tiers and conformity assessments
  • AI policy components: acceptable use policies, sanctioned vs unsanctioned AI tools, model approval workflows, data classification requirements, and third-party AI usage policies
  • Workforce impact assessment: evaluating how AI implementation affects job roles, required skills, and organizational change readiness
  • Third-party and vendor governance: right-to-audit clauses, vendor AI risk assessments, SLA requirements, and due diligence for AI service providers

Common Exam Traps

  • NIST AI RMF is VOLUNTARY guidance. ISO/IEC 42001 is a CERTIFIABLE standard. EU AI Act is LEGALLY ENFORCEABLE. Know which is which — the exam tests this distinction repeatedly.
  • The EU AI Act BANS unacceptable-risk AI entirely (social scoring, real-time biometric surveillance). High-risk AI is NOT banned but requires strict conformity assessments.
  • Data lineage (transformation history) and data provenance (origin and ownership) are DIFFERENT concepts. The exam tests whether you can distinguish them in audit scenarios.
  • AI governance is not just IT governance applied to AI. AI introduces unique risks (bias, hallucination, drift) that require AI-specific governance controls.
  • An AI ethics board ADVISES on ethical considerations. An AI center of excellence IMPLEMENTS standards and best practices. They serve different governance functions.

Quick Check: AI Governance and Risk

Question 1 of 3

An organization is deploying a high-risk AI system in the European Union. Which framework imposes MANDATORY compliance requirements with potential financial penalties?

Domain 2 (46% of exam)

AI Operations

The largest domain at 46% — expect roughly 41 questions on operational AI topics. Covers the entire AI solution lifecycle, data management, MLOps, testing techniques, drift and bias monitoring, AI-specific threats and vulnerabilities, change management, and incident response. This is where traditional IT auditors lose the most points, as it requires understanding AI-specific technical operations that differ significantly from conventional IT systems.

Key Topics

MLOps, Feature Engineering, Model Validation, Drift Detection, Bias Monitoring, Adversarial Testing, AI Incident Response, Change Management

Must-Know Concepts

  • AI/ML lifecycle stages from an audit perspective: business case, data collection, data preparation, feature engineering, model development, training, validation, deployment, monitoring, maintenance, and decommissioning — know audit control points at each stage
  • Data management for AI: data ingestion pipelines, feature engineering and feature stores, train/test/validation splits, cross-validation techniques, and data quality assurance
  • Model development methodologies: supervised, unsupervised, and reinforcement learning approaches, model selection criteria, hyperparameter tuning, and reproducibility requirements
  • Testing techniques: unit testing for AI components, integration testing, fairness testing (demographic parity, equal opportunity, disparate impact analysis), adversarial testing, and performance benchmarking
  • Deployment and monitoring: model serving infrastructure, A/B testing, canary deployments, performance monitoring dashboards, drift detection (data drift, concept drift, model drift), and bias rechecking schedules
  • AI-specific threats: data poisoning, prompt injection, model inversion, model theft/extraction, adversarial examples, supply chain attacks on pre-trained models, and hallucination risks
  • Change management for AI: model versioning, approval workflows for model updates, impact assessment for retraining, rollback procedures, and documentation requirements for model changes
  • Incident response for AI: escalation procedures for model failures, automated rollback triggers, root cause analysis for AI-specific incidents (drift, bias emergence, adversarial compromise), and communication protocols
  • Vendor and API dependency management: third-party model risks, SLA monitoring, API versioning risks, and vendor lock-in assessment
  • Supervision of AI outputs: human-in-the-loop requirements, confidence score thresholds, output validation procedures, and escalation criteria for low-confidence decisions
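
Added example (not from this page or from ISACA): the three fairness tests named above, reperformed over a constructed sample of model decisions the way an auditor would on sampled outputs. The group labels A/B, the sample itself, and the 0.8 "four-fifths" threshold used here to flag disparate impact are assumptions.

```python
"""Fairness test metrics on a constructed set of model decisions (added example)."""
from collections import namedtuple

# Each record: protected-attribute group, actual outcome, model decision (1 = favourable).
Decision = namedtuple("Decision", ["group", "y_true", "y_pred"])

FOUR_FIFTHS = 0.8  # assumed disparate-impact rule of thumb: a ratio below 0.8 warrants follow-up


def _subset(records, group):
    rows = [r for r in records if r.group == group]
    if not rows:
        raise ValueError(f"no records for group {group!r}")
    return rows


def selection_rate(records, group):
    """P(decision = favourable | group): the quantity compared for demographic parity."""
    rows = _subset(records, group)
    return sum(r.y_pred for r in rows) / len(rows)


def true_positive_rate(records, group):
    """P(decision = favourable | group, actually qualified): compared for equal opportunity."""
    qualified = [r for r in _subset(records, group) if r.y_true == 1]
    if not qualified:
        raise ValueError(f"no qualified records for group {group!r}")
    return sum(r.y_pred for r in qualified) / len(qualified)


def fairness_report(records, privileged, protected):
    """Demographic parity, equal opportunity and disparate impact for one group pair."""
    sr_priv = selection_rate(records, privileged)
    sr_prot = selection_rate(records, protected)
    tpr_priv = true_positive_rate(records, privileged)
    tpr_prot = true_positive_rate(records, protected)
    di_ratio = sr_prot / sr_priv if sr_priv else float("inf")
    return {
        "demographic_parity_diff": sr_priv - sr_prot,   # 0.0 means equal selection rates
        "equal_opportunity_diff": tpr_priv - tpr_prot,  # 0.0 means equal TPR for qualified people
        "disparate_impact_ratio": di_ratio,             # protected rate / privileged rate
        "four_fifths_pass": di_ratio >= FOUR_FIFTHS,
    }


# Constructed sample of 20 decisions: groups A (privileged) and B (protected),
# each with 5 qualified and 5 unqualified applicants.
SAMPLE = (
    [Decision("A", 1, 1)] * 4 + [Decision("A", 1, 0)] * 1
    + [Decision("A", 0, 1)] * 2 + [Decision("A", 0, 0)] * 3
    + [Decision("B", 1, 1)] * 2 + [Decision("B", 1, 0)] * 3
    + [Decision("B", 0, 1)] * 1 + [Decision("B", 0, 0)] * 4
)

if __name__ == "__main__":
    for name, value in fairness_report(SAMPLE, "A", "B").items():
        print(f"{name}: {value}")
```

On this sample group B is selected at half the rate of group A, so the disparate-impact check fails even though both groups contain the same number of qualified applicants.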

Common Exam Traps

  • Data drift and concept drift are DIFFERENT. Data drift means input distributions changed. Concept drift means the relationship between inputs and outputs changed. Different detection methods and remediation strategies apply.
  • Model validation (pre-deployment testing) and model monitoring (post-deployment tracking) are DIFFERENT phases with different controls. The exam tests whether auditors verify BOTH exist.
  • Cross-validation is a model evaluation technique, NOT a production monitoring tool. It is used during development to estimate model performance, not after deployment.
  • Adversarial testing must be performed BEFORE deployment. It is a proactive security measure, not a reactive incident response activity.
  • AI change management requires MORE than traditional IT change management. Model retraining can subtly change behavior without code changes, so traditional code-review-only change processes are insufficient.
  • Hallucination monitoring is an AI-SPECIFIC control that has no equivalent in traditional IT auditing. Auditors must verify that hallucination rates are measured and acceptable thresholds are defined.

Quick Check: AI Operations

Question 1 of 4

A machine learning model in production has maintained stable accuracy on test data, but business users report that predictions are increasingly wrong. The input data distribution has not changed. What is the MOST likely cause?

Domain 3 (21% of exam)

AI Auditing Tools and Techniques

This domain covers the practical methodology of conducting AI audits, including scoping, planning, testing approaches, evidence collection, data analytics, and reporting. It also covers how AI tools can be used within the audit process itself to improve efficiency while maintaining independence and objectivity.

Key Topics

Audit Planning, Control Testing, Evidence Collection, Data Analytics, Audit Reporting, AI-Assisted Auditing, Sampling Methodologies

Must-Know Concepts

  • AI audit planning and design: defining audit objectives, identifying AI system boundaries, selecting appropriate control frameworks, stakeholder identification, and risk-based scope determination
  • Control testing methodologies for AI: walkthroughs, configuration reviews, code reviews, output sampling, reperformance of model predictions, and fairness/bias testing
  • Evidence collection standards: sufficiency (enough evidence), reliability (trustworthy sources), relevance (related to control objectives), and reproducibility (can be independently verified)
  • AI-specific audit evidence: model training logs, version control histories, performance metric dashboards, drift detection alerts, fairness test results, data lineage documentation, and approval records
  • Audit sampling for AI: risk-based sampling vs random sampling, full-population testing enabled by AI analytics, stratified sampling across model outputs, and sample size determination
  • Data analytics in AI audits: using AI tools for anomaly detection, pattern recognition, natural language processing for document review, and automated compliance checking
  • Independence and objectivity when using AI tools in audits: avoiding over-reliance on AI-generated audit findings, maintaining professional skepticism, and documenting AI tool limitations
  • AI audit reporting: communicating findings to technical and non-technical stakeholders, risk rating AI-specific findings, recommending remediation for AI control deficiencies, and follow-up procedures
  • Documentation standards: workpaper requirements for AI audits, evidence preservation, audit trail completeness, and quality assurance review

Common Exam Traps

  • Using AI tools in the audit process does NOT mean you are auditing AI systems. These are opposite directions: Domain 2 is about auditing AI, Domain 3 is about using AI as an audit tool.
  • Full-population testing with AI analytics does NOT eliminate the need for professional judgment. AI can flag anomalies, but the auditor must still evaluate whether findings represent actual control deficiencies.
  • AI-assisted audit analytics must preserve auditor INDEPENDENCE. If the same AI system being audited provides the analytics tools, there is a conflict of interest.
  • Audit evidence from AI systems must be REPRODUCIBLE. If model outputs cannot be reproduced due to stochastic behavior, the auditor must document this limitation.
  • Risk-based sampling is generally preferred over random sampling for AI audits because AI systems have non-uniform risk distributions — certain model behaviors carry higher risk.

Quick Check: AI Auditing Tools and Techniques

Question 1 of 3

An auditor is using an AI-powered analytics tool to review 100% of transactions in a financial system rather than traditional sampling. What risk must the auditor be MOST aware of?

Concepts You Must Not Confuse on the AAIA Exam

These pairs appear on nearly every exam. Learn the difference and you'll avoid the most common traps.

NIST AI RMF vs ISO/IEC 42001

Use NIST AI RMF when…

Voluntary risk management framework with four core functions (Govern, Map, Measure, Manage). Provides guidelines for managing AI risks but has no formal certification or enforcement mechanism.

Use ISO/IEC 42001 when…

Certifiable international standard for AI Management Systems. Requires third-party audits and provides formal certification that an organization has proper AI governance structures in place.

Exam trap

NIST AI RMF is voluntary guidance with no enforcement. ISO/IEC 42001 is a certifiable standard with formal audit requirements. Both are governance frameworks, but only ISO/IEC 42001 results in a formal organizational certification.

EU AI Act vs NIST AI RMF

Use EU AI Act when…

Legally binding regulation with risk-based classification (unacceptable, high, limited, minimal). Imposes mandatory conformity assessments on high-risk AI and bans unacceptable-risk AI entirely. Carries financial penalties for non-compliance.

Use NIST AI RMF when…

Voluntary framework providing best-practice guidelines for AI risk management. No legal enforcement, no penalties, and no mandatory assessments. Organizations adopt it voluntarily to improve AI risk posture.

Exam trap

EU AI Act is enforceable LAW with penalties. NIST AI RMF is voluntary GUIDANCE. The exam tests whether you know which is legally binding and which is advisory. An auditor must verify compliance with the EU AI Act if the organization deploys AI in the EU.

Data Drift vs Concept Drift

Use Data Drift when…

Changes in the statistical distribution of input data over time. The model itself has not changed, but the incoming data no longer matches the patterns the model was trained on.

Use Concept Drift when…

Changes in the relationship between input features and the target variable. The underlying real-world phenomenon the model predicts has changed, making the learned patterns obsolete.

Exam trap

Data drift is about changing INPUTS. Concept drift is about changing RELATIONSHIPS between inputs and outputs. Both degrade model performance, but they require different remediation: data drift may need retraining on updated data, while concept drift may require model redesign.
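
Added example (not from this page or from ISACA) showing why the two drift types need different detection methods: data drift is visible from the input distribution alone (no labels needed), while concept drift only shows up once labelled outcomes are compared against predictions on inputs that have not moved. The fixed-threshold "model", the bin edges, the PSI and accuracy-drop thresholds, and the two production windows are all constructed assumptions.

```python
"""Data drift vs concept drift on a deployed threshold classifier (constructed example)."""
from bisect import bisect_right
from math import log

# Assumed fixed bin edges for the single input feature; the last bin is open-ended.
BIN_EDGES = [0.0, 0.25, 0.5, 0.75, 1.0]
EPS = 1e-4  # smoothing so an empty bin never produces log(0)


def model_predict(x: float) -> int:
    """Stand-in for the deployed model: a threshold learnt on the reference window."""
    return 1 if x > 0.5 else 0


def bin_fractions(values):
    """Fraction of values falling into each fixed bin."""
    counts = [0] * len(BIN_EDGES)
    for v in values:
        counts[max(0, bisect_right(BIN_EDGES, v) - 1)] += 1
    return [c / len(values) for c in counts]


def psi(reference, production):
    """Population Stability Index between two input distributions.
    Needs no labels, so it can fire in production before any accuracy loss is visible."""
    score = 0.0
    for p, q in zip(bin_fractions(reference), bin_fractions(production)):
        p, q = max(p, EPS), max(q, EPS)
        score += (q - p) * log(q / p)
    return score


def accuracy(xs, ys):
    return sum(1 for x, y in zip(xs, ys) if model_predict(x) == y) / len(xs)


def classify_drift(ref_x, ref_y, prod_x, prod_y, psi_threshold=0.2, acc_drop=0.05):
    """Inputs moved (PSI above threshold) -> data drift.
    Inputs stable but labelled accuracy fell  -> concept drift.
    An accuracy drop under shifted inputs is attributed to the input shift first."""
    input_shift = psi(ref_x, prod_x)
    baseline, current = accuracy(ref_x, ref_y), accuracy(prod_x, prod_y)
    data_drift = input_shift > psi_threshold
    concept_drift = (baseline - current) > acc_drop and not data_drift
    verdict = "data drift" if data_drift else "concept drift" if concept_drift else "stable"
    return {"psi": input_shift, "baseline_acc": baseline, "current_acc": current, "verdict": verdict}


# Constructed reference window: 20 evenly spaced inputs, outcome 1 when x > 0.5.
REF_X = [i / 20 for i in range(20)]
REF_Y = [1 if x > 0.5 else 0 for x in REF_X]

# Scenario A (data drift): inputs shifted upward, real-world rule unchanged.
SHIFTED_X = [x + 0.5 for x in REF_X]
SHIFTED_Y = [1 if x > 0.5 else 0 for x in SHIFTED_X]

# Scenario B (concept drift): identical inputs, but the outcome now depends on x > 0.7.
CONCEPT_Y = [1 if x > 0.7 else 0 for x in REF_X]

if __name__ == "__main__":
    print("shifted inputs:", classify_drift(REF_X, REF_Y, SHIFTED_X, SHIFTED_Y))
    print("changed rule:  ", classify_drift(REF_X, REF_Y, REF_X, CONCEPT_Y))
```

Scenario B reproduces the quick-check scenario above: the input distribution is unchanged (PSI of zero) yet accuracy falls from 1.0 to 0.8, which input monitoring alone would never catch.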

Data Poisoning vs Prompt Injection

Use Data Poisoning when…

Attacking the TRAINING phase by injecting malicious data into the training dataset to corrupt model learning, causing systematically incorrect outputs in production.

Use Prompt Injection when…

Attacking the INFERENCE phase by crafting malicious inputs that manipulate the model's behavior at query time, bypassing safety controls or extracting sensitive information.

Exam trap

Data poisoning attacks the training pipeline BEFORE deployment. Prompt injection attacks the model AFTER deployment at inference time. An auditor must verify controls at both stages: data integrity controls during training and input validation controls during inference.

Model Validation vs Model Monitoring

Use Model Validation when…

A pre-deployment activity that confirms the model meets performance thresholds, fairness criteria, and business requirements through independent testing before the model goes live.

Use Model Monitoring when…

A post-deployment activity that continuously tracks model performance, detects drift, monitors for bias emergence, and triggers alerts when metrics fall below acceptable thresholds.

Exam trap

Validation happens BEFORE deployment. Monitoring happens AFTER deployment. The exam tests whether auditors can verify that BOTH controls exist — a validated model can still degrade after deployment without ongoing monitoring.

Auditing AI Systems vs Using AI in Auditing

Use Auditing AI Systems when…

Applying audit methodologies to evaluate AI systems themselves — assessing governance, controls, risks, bias, explainability, and compliance of the AI solution being audited.

Use "Using AI in Auditing" when…

Leveraging AI tools and techniques within the audit process to improve efficiency — automated anomaly detection, full-population testing, NLP document review, and AI-assisted analytics.

Exam trap

Domain 2 focuses on auditing AI systems (the AI is the audit target). Domain 3 covers using AI in auditing (AI assists the auditor). The exam tests both directions, and confusing them leads to incorrect answers about audit scope and methodology.

Explainability vs Transparency

Use Explainability when…

The ability to understand HOW a specific AI model makes individual decisions, using technical tools like SHAP and LIME to interpret model behavior at a granular level.

Use Transparency when…

The broader organizational practice of being OPEN about AI system usage, including disclosing that AI is being used, what data it processes, its limitations, and how decisions can be contested.

Exam trap

Explainability is TECHNICAL (how the model decides). Transparency is ORGANIZATIONAL (disclosing AI usage and practices). An auditor must verify both: technical explainability of the model AND organizational transparency in communications to stakeholders.

Data Lineage vs Data Provenance

Use Data Lineage when…

The record of data's transformation history — every processing step, modification, aggregation, and transformation applied to data from ingestion through model training.

Use Data Provenance when…

The origin and ownership of data — where it came from, who collected it, under what consent or license, and the chain of custody from source to current usage.

Exam trap

Lineage tracks HOW data was transformed. Provenance tracks WHERE data originated. Both are critical for AI audit: lineage verifies data integrity through processing, and provenance verifies data was ethically and legally sourced.

Top Mistakes to Avoid

  • Confusing NIST AI RMF (voluntary guidance) with ISO/IEC 42001 (certifiable standard) with EU AI Act (enforceable law) — each has a fundamentally different compliance status.
  • Mixing up data drift (changing input distributions) with concept drift (changing input-output relationships) — they require different detection and remediation approaches.
  • Treating model validation (pre-deployment testing) and model monitoring (post-deployment tracking) as interchangeable — both must exist independently.
  • Confusing data poisoning (attacks training data before deployment) with prompt injection (attacks model inputs after deployment) — different attack phases require different controls.
  • Assuming traditional IT change management is sufficient for AI systems — model retraining can change behavior without code changes, requiring AI-specific change controls.
  • Mixing up data lineage (how data was transformed) with data provenance (where data originated) — the exam tests both in governance and audit scenarios.
  • Thinking that using AI in the audit process is the same as auditing AI systems — Domain 2 audits AI systems while Domain 3 uses AI as an audit tool.
  • Confusing explainability (technical: how the model decides) with transparency (organizational: disclosing AI usage) — auditors must verify both separately.
  • Assuming that passing model validation once means the model is permanently safe — models degrade over time due to drift, requiring continuous monitoring.
  • Forgetting that AI audit evidence must be reproducible — stochastic model behavior can produce different outputs for the same input, which must be documented.

Exam-Ready Checklist

  • Can explain all 3 exam domains and their relative weights (33%, 46%, 21%) and allocate study time accordingly.
  • Understand the complete AI/ML lifecycle and can identify audit control points at every stage from data collection through decommissioning.
  • Can distinguish between NIST AI RMF (voluntary), ISO/IEC 42001 (certifiable), and EU AI Act (legally binding) and know when each applies.
  • Know all three types of drift (data, concept, model) and can identify appropriate detection and remediation controls for each.
  • Can apply fairness testing methodologies including demographic parity, equal opportunity, and disparate impact analysis in audit scenarios.
  • Understand AI-specific threats (data poisoning, prompt injection, model inversion, adversarial examples) and can verify controls exist for each.
  • Know the difference between auditing AI systems and using AI tools in the audit process, and can maintain independence when using AI-assisted analytics.
  • Can evaluate AI change management controls including model versioning, approval workflows, rollback procedures, and retraining documentation.
  • Understand AI audit evidence standards: sufficiency, reliability, relevance, and reproducibility for AI-specific artifacts like training logs and fairness reports.
  • Can assess vendor/third-party AI risks including right-to-audit clauses, SLA compliance, and data sharing governance.
  • Know AI incident response procedures and how they differ from traditional IT incident response (drift escalation, bias emergence, model failure rollback).
  • Scored 65%+ on at least two full mock exams under timed conditions (1.6 minutes per question, 450/800 passing score).

Recommended Resources

Free & Official Resources

Paid Courses & Practice Exams

These are recommended if you prefer a structured learning path. They can save time but are not required to pass.
